USA Media Coverage
‘Tis the Season for Security Resolutions, Not Predictions
As 2012 comes to a close, many security vendors have issued predictions on what security issues and trends would dominate our collective attention in the New Year.
Dec 27, 2012

Be Prepared: 4 Steps to Better Data Disaster Planning
While more than a month has gone by since the devastating Hurricane Sandy hit the East Coast, the photographs and videos of the incredible destruction will be hard to forget.
Dec 20, 2012

Microsoft Patches Critical Remote Flaws in Word, IE and Windows
A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws.
Dec 11, 2012

The Last Patch Tuesday of 2012
Today is the last Patch Tuesday of 2012. Its seven bulletins bring the total count for the year to 83, significantly down from last year’s 100 bulletins and even more from the 2010 count, which ended at 117 bulletins.
Dec 11, 2012

Windows 8, RT to Receive More Critical Patches Next Tuesday
Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around.
Dec 7, 2012

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday
Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle.
Dec 6, 2012

Major Exploit Hits Tumblr, Affects Over 8,600 Users
A massive attack against Tumblr appears to have impacted more than 8,600 users whose blogs are apparently becoming infected through the act of clicking on an infected site.
Dec 3, 2012

Don’t Get SaaS-y with Me: 5 CloudBeat Lessons you Need to Know
Big business is embracing the cloud more than ever. Cloud tech has reached a level of acceptance in the past year, with many companies moving out of pilot projects and into full-on deployments of critical parts of their business onto cloud-based systems.
Nov 30, 2012

Cloud Security Experts: Use Multi-Factor Authentication, You Dummies
If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can.
Nov 28, 2012

Updated Browsers Still Vulnerable to Attack if Plugins are Outdated
Psst. Is your browser up-to-date? You may think you are safe because you update the Web browser regularly, but chances are you are still surfing the Web with highly vulnerable software.
Nov 27, 2012

A Chat with Wolfgang Kandek, CTO, Qualys…
On November 8th, I attended the Qualys Security Conference 2012 at the Berkeley hotel in London. At the end of the day, I was lucky enough to catch up with Wolfgang Kandek, CTO of Qualys.
Nov 26, 2012

Cybergangs Target Online Shoppers
Here's how cybergangs are targeting online holiday shoppers, and here's what you can do to protect yourself.
Nov 26, 2012

SMBs Face the Biggest Threats from Cyber Monday Shopping
Many employees will spend a portion of their day hunting for bargains on the Monday following Thanksgiving weekend, and companies should prepare for the increased security risks.
Nov 21, 2012

With Shopping Scams on the Rise, Watch for These Threats
Holiday shopping means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident.
Nov 21, 2012

Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Meanwhile, businesses more worried about productivity than security threats
Nov 20, 2012

Facebook Praised for Encrypting Web Access by Default
Move to HTTPS will protect users accessing the social network via public Wi-Fi networks
Nov 20, 2012

Facebook to Roll Out HTTPS by Default to all Users
The connections of all Facebook users with the website will be encrypted by default
Nov 20, 2012

Adobe to Fix Flash Player on Patch Tuesdays
Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.
Nov 19, 2012

Facebook Adopts Secure Web Pages by Default
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail
Nov 19, 2012

Courtot Mixes Business with Extreme Skiing, Hurricane Chasing
Most Admired CEO Profile on Qualys' Philippe Courtot
Nov 16, 2012

Beyond Antivirus Software: Eclectic PC Security Tools for System-Wide Audits
Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012.
Nov 13, 2012

'Multiple Vulnerabilities' Found in Windows 8
Security firm Vupen says it has found several serious security loopholes in the new Windows 8 operating system (OS).
Nov 8, 2012

Despite Windows 8 Zero-Day, Vendors Laud Security of New Microsoft OS
Security experts at several security firms are heralding Windows 8, Microsoft's new endpoint platform, as the safest operating system to date.
Nov 8, 2012

Adobe, Now ‘Married’ to Microsoft, Moves Flash Updates to Patch Tuesday
Will sync Flash security updates with partner's monthly schedule
Nov 7, 2012

Vupen Claims “Remote Code Execution” on Windows 8
Reminds the industry that Windows is unlikely to ever be bulletproof, says one security expert
Nov 2, 2012

Flaws patched in Apple's Safari browser and iOS 6
Apple has released updates to address flaws in its Safari 6 web browser and iOS 6 mobile operating system.
Nov 2, 2012

Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures
Last week’s Windows 8 launch wasn’t just a major product release for Microsoft. It seems to have been a banner day for the government-funded hackers who take Microsoft’s software apart, too.
Oct 31, 2012

Windows 8 Security: Mostly Good, Some Bad
Even though Microsoft's Windows 8 is not specifically a security release, the new Secure Boot and better memory management hardens the desktop against attackers.
Oct 26, 2012

Windows 8 Raises the Bar for PC Security
Security features in Windows 8 that will keep your PC and data safe.
Oct 26, 2012

Windows 8 Security Focuses on Early Malware Detection
In Windows 8, Microsoft has greatly improved the operating system's ability to detect malware before it has a chance to run, experts say.
Oct 26, 2012

Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform
Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas
Oct 24, 2012

SSL Implementation Flaws Found in Many Android Apps
A study conducted by German researchers found that more than 1,000 out of 13,500 Android applications contained serious flaws in their SSL implementation
Oct 23, 2012

Russian Service Rents Access To Hacked Corporate PCs
Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.
Oct 23, 2012

Zero-Day Attacks Long-Lived, Presage Mass Exploitation
Zero-day attacks escape detection for an average of 10 months; once they go public, attacks multiply dramatically, researchers find
Oct 18, 2012

Apple Tries to Kill its Own Java on Most Macs
Apple took other measures to shove Mac owners towards Oracle, including removing Java options from the Preferences window.
Oct 18, 2012

Zero-Day Attacks Escape Detection for Nearly a Year: Symantec Study
Attacks using undisclosed “zero-day” vulnerabilities remain hidden for anywhere from 19 days to 30 months, according to new research that found eleven previously undetected attacks.
Oct 18, 2012

Oracle Squashes 109 Bugs in Quarterly Patch Batch
Hot fresh Java will flush parasites from your system
Oct 17, 2012

3 Must-Fix Vulnerabilities Top Oracle CPU Patches
Two CVSS 10.0 and one 9.0 flaws top the charts on a Critical Patch Update list chock full of remotely exploitable vulnerabilities
Oct 17, 2012

Web App Design at the Core of Coding Weaknesses, Attacks, Says Expert
Developers need to work on creating strong designs for Web applications by rethinking their coding practices and the process in place to fix bugs
Oct 16, 2012

More Banks Come Under Denial-of-Service Attack
Capital One and SunTrust came under attack this week using denial-of-service techniques that are evading defenses meant to blunt such attacks
Oct 13, 2012

Mozilla Praised for Pulling Flawed Firefox 16
Move shows commitment to privacy, but experts say Google's Chrome and Microsoft's Internet Explorer are more secure
Oct 12, 2012

Qualys Expands QualysGuard PCI Cloud Platform
Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements.
Oct 12, 2012

Application Vulnerability Disclosures Rise, Microsoft Finds
Application vulnerabilities are on the rise in 2012
Oct 11, 2012

U.S. Security Vendors Wary of Chinese Telecom Suppliers, Call for Transparency
Qualys CEO: Huawei needs to "disconnect" from Chinese government
Oct 10, 2012

Your October 2012 Patch Tuesday Update from Microsoft
Microsoft released seven bulletins in Windows, Office and SQL Server today as part of its monthly update cycle.
Oct 9, 2012

1 'Critical' Item and 2 Advisories in Microsoft's October Security Update
For the second month in a row, Microsoft is releasing an uncharacteristically light security update.
Oct 9, 2012

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official
Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability
Oct 9, 2012

Microsoft Addresses Critical Word Flaws, New RSA Key Length
Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update.
Oct 9, 2012

25 Critical Updates in Adobe Flash Fix
Just slightly out of kilter with today’s Microsoft ‘Patch Tuesday’, Adobe yesterday issued a patch for 25 Flash vulnerabilities
Oct 9, 2012

The Challenges of Securing Enterprises in a BYOD World
BYOD is a growing reality, as employees are connecting a greater number of devices to enterprise networks on a daily basis, and CIOs and CSOs must prepare accordingly.
Oct 8, 2012

October Patch Tuesday Preview
After a very light September, October’s Patch Tuesday will revert to normal with seven security bulletins from Microsoft: one labeled critical and six labeled important.
Oct 5, 2012

Patch Tuesday: Microsoft's October Update Will Fix Security Vulnerabilities in Office
This month's release has seven bulletins--just one of them critical.
Oct 5, 2012

Microsoft to Patch 20 Bugs Next Week in Month of Office Updates
Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs
Oct 4, 2012

October 2012 Patch Tuesday: One Critical Bulletin Expected
Microsoft's October 2012 Patch Tuesday release will include seven bulletins, one deemed critical and six as important
Oct 4, 2012

Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror
A compromised copy of the MySQL administration tool phpMyAdmin was being served up via a SourceForge mirror site based in Korea that has since been taken out of the rotation, officials said.
Sep 26, 2012

Microsoft IE Patch Fixes Flaw Under Active Attack
Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks
Sep 24, 2012

Clues, Experts Say Microsoft Knew of IE Zero-Day for Weeks Before Patching
Bug-bounty program may have reported the browser flaw to Redmond in July
Sep 23, 2012

The Geography of HTML5 Security
Book author and Qualys Director of Engineering Mike Shema outlines HTML5 security
Sep 22, 2012

Microsoft Releases Emergency IE Patch
Microsoft has released an out-of-band update fixing at least five vulnerabilities in Internet Explorer
Sep 21, 2012

Apple Goes Against Grain, Extends Support for Snow Leopard
'Might be a Windows XP-like effect,' notes one security expert of Apple's patching of OS X 10.6
Sep 20, 2012

Redmond Promised Emergency IE Bug Fix on Friday (zero day +5)
Keep calm and carry on, advise security types
Sep 20, 2012

Huge iTunes Patch: Apply It and Move On
Although 163 security fixes is a big update for any product, Apple users should be more concerned with recent Java issues
Sep 17, 2012

Apple Plugs 163 iTunes Security Holes
Security researcher Wolfgang Kandek said he doesn't believe iTunes is high on the priority list of attackers -- and it is possible none of the vulnerabilities could actually be exploited through iTunes.
Sep 14, 2012

The Perfect CRIME? New HTTPS Web Hijack Attack Explained
BEASTie boys reveal ingenious login cookie gobble
Sep 14, 2012

'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions
SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say
Sep 13, 2012

Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'
Microsoft said it will update Adobe Flash Player to close security holes before Windows 8 is generally available
Sep 13, 2012

Crack in Internet’s Foundation of Trust Allows HTTPS Session Hijacking
Attack dubbed CRIME breaks crypto used to prevent snooping of sensitive data
Sep 13, 2012

Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships
Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26.
Sep 12, 2012

Experts Urge Prep for Microsoft’s Cert-Blocking Update
Scan networks for too-short keys, audit systems, test Oct. update before it rolls out, urge security pros
Sep 12, 2012

Microsoft to Patch Windows 8 Flash Bug Before OS Released
No patching before release meant the forthcoming operating system would be vulnerable to attack immediately after it was made available
Sep 12, 2012

Web Application Firewalls and IPv6
Does your WAF protect against IPv6 attacks?
Sep 11, 2012

Microsoft’s September Patch Tuesday Load Lighter Than Usual
With only two updates released on September's Patch Tuesday, Microsoft is going easy on IT departments this month
Sep 11, 2012

The September Lull: Microsoft Releases But Two Bulletins for This Month’s Patch Tuesday
Today Microsoft announced and detailed the updates component to the latest edition of its monthly security update cycle
Sep 11, 2012

Microsoft Ships Two Bulletins in September Security Update
The Microsoft security team shipped just two bulletins - resolving as many holes - in the September, 2012 edition of Patch Tuesday.
Sep 11, 2012

RSA Key Length Change Should be Priority in September 2012 Patch Tuesday
Microsoft will be restricting Windows certificate acceptance rules next month and security experts indicate that since September has few software updates, security teams should prepare for the changes.
Sep 11, 2012

Why Are Web Applications a Security Risk?
The CTO of Qualys explains how the shift from traditional to Web applications will require developers to raise their security games.
Sep 7, 2012

September’s Patch Tuesday is a Lightweight
But “we’d like to remind you about an important change to Windows’ certificate requirements,” says Microsoft – so September is still going to be a busy month for sys admins.
Sep 7, 2012

Microsoft’s September Patch Tuesday Easy; October, Not So Much
September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one
Sep 6, 2012

Get Ready: Microsoft is Raising the Bar for Encryption Keys
Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys.
Sep 6, 2012

Microsoft Gives Users a Patch Break, and Time to Prep for Certificate Slaying
Use the light Patch Tuesday to get ahead of key invalidation update slated for October, say experts
Sep 6, 2012

Microsoft Plans Two 'Important' Security Updates for Foxprom, System Management Server
Compared to what we've seen for much of this year, September is shaping up to be quiet on the Microsoft patching front.
Sep 6, 2012

Malware Analysis Tools and Techniques Failing But Researchers Aim For Improvement
Hardened cryptographic algorithms and other defensive capabilities are making reverse engineering and analysis increasingly difficult for malware researchers
Sep 2, 2012

ABCs Of Factoring Risk Into Cloud Service Decisions
Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services
Aug 31, 2012

Java Sandboxing Could Thwart Attacks, but Design May be Impossible
Cybercriminals are targeting known Java vulnerabilities and discovering zero-day exploits
Aug 29, 2012

Six Ways to Protect Against the New Actively Exploited Java Vulnerability
Methods for users to protect their computers from attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7
Aug 28, 2012

Newly Discovered Java Flaw Seen Exploited in Wild
Information on a Java flaw that has been seen in targeted attacks in the wild
Aug 28, 2012

Dropbox Going Two-Factor, Becoming De Facto
Move comes four weeks after the popular online file sharing service was hit by an embarrassing spam attack
Aug 28, 2012

Attack Code Surfaces Targeting Java Zero-Day Flaw
Security researchers at FireEye Inc. are warning of a new zero-day vulnerability affecting the latest version of Java
Aug 28, 2012

Serious New Java Vulnerability Discovered
An attack that targeted a previously unknown security hole in Java has recently been spotted.
Aug 28, 2012

Java 7 Under Attack: Researchers Advise It Be Disabled During the Interim
Security researchers are urging channel partners and administrators to limit use of Java 7 while they work to resolve a new zero-day exploit in Java 7
Aug 27, 2012

Warning: Java Zero Day Flaw Under Attack
A zero-day vulnerability in Java is being actively exploited in the wild.
Aug 27, 2012

Emergency Adobe Update APSB12-19 Addresses More Flash Player Flaws
Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19
Aug 22, 2012

New Patches for Adobe Flash Player
Adobe has issued new patches for Flash on Windows, Mac, Linux and Android, for Air on Windows and Mac, and for the Air SDK.
Aug 22, 2012

Patch Tuesday Déjà vu: Adobe Patches Flash…Again
Double-Take for IT Admins
Aug 22, 2012

How To Protect Your Commercial Web Server
Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge?
Aug 22, 2012

Apache Patches Fifty Bugs, Two Security Flaws, in Web Server
The Apache Software Foundation has fixed over fifty bugs, including two security vulnerabilities, in its venerable Web server software.
Aug 22, 2012

Former White House Cybersecurity Official Joins Start-Up
Former cybersecurity officials work with start-ups
Aug 21, 2012

August 2012 Patch Tuesday Fixes Flaw Being Actively Targeted By Attackers
Microsoft issued nine security bulletins, addressing 26 vulnerabilities in its August 2012 Patch Tuesday
Aug 14, 2012

August Patch Tuesday: Microsoft Fixes XML, IE, and Oracle Flaws
Microsoft patches 26 vulnerabilities -- and revisits the XML patch from the July update.
Aug 14, 2012

Ready, Set, Patch! Microsoft Releases Nine Security Updates for Multiple Products
This month's patch load: Nine bulletins, 5 of which are critical, that address 27 vulnerabilities.
Aug 14, 2012

August’s Patch Tuesday Brings 9 Bulletins, Fixes 27 Vulnerabilities
This month’s updates include 9 total bulletins, 5 of which are rated as ‘critical,’ addressing a total of 27 vulnerabilities.
Aug 14, 2012

8 of 9 Microsoft August Bulletins Battle RCE Flaws
Microsoft's monthly Security Update arrived today with nine bulletins addressing 26 vulnerabilities.
Aug 14, 2012

Critical Security Fixes from Adobe, Microsoft
Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software.
Aug 14, 2012

5 Benefits of IT Compliance Programs
Non-security benefits of compliance include improved asset management, streamlined IT operations, and bolstered intelligence about technology and business processes
Aug 13, 2012

August Patch Tuesday Heats Up with Five Critical Security Bulletins
Five of Microsoft’s nine security bulletins set to be shipped Tuesday plug critical security flaws in a range of products.
Aug 13, 2012

Security Manager’s Journal: At Budget Time, you Ask and Hope to Receive
Our manager has a long wish list as the annual budget time rolls around once again.
Aug 13, 2012

A Sneak Peek At Microsoft’s August Patch Tuesday
Microsoft prepares to release next week's August edition of Patch Tuesday
Aug 10, 2012

Vendors Roll Out Mobile Security, Vulnerability and Forensics Tools
A look at some of the releases from Black Hat, as well as the latest vulnerability management and forensics products
Aug 6, 2012

Third Parties Are IAM's Third Wheel
Connections with suppliers, partners, and contractors need better foresight and planning
Aug 6, 2012

Outlook.com Passwords: Does Length Really Matter?
Aug 2, 2012

U.S. Cyber Coordinator Moves on
What does the nation's first cyber security coordinator do for an encore on leaving government service?
Aug 1, 2012

ASEF Android Tool Analyzes App Security and Behavior
A researcher at Qualys has released a new tool designed to allow users to evaluate the security and behaviors of the apps installed on their Android devices.
Aug 1, 2012

Hackers Increasingly Aim for Cross-Platform Vulnerabilities
A Microsoft security researcher says malware makers seek 'economies of scale'
Aug 1, 2012

HTML5 WebSockets Identified As Security Risk
WebSockets offer the promise of improved TCP connections, but do they also invite new forms of attack on your applications and infrastructure?
Jul 31, 2012

Black Hat 2012: Rodrigo Branco on New Malware Research Database
In this interview with SearchSecurity.com News Director Robert Westervelt, Rodrigo Branco, director of vulnerability and malware research at Qualys, discusses his new malware analysis system.
Jul 27, 2012

Qualys adds IPv6 support to FreeScan
Qualys announced at Security B-Sides Las Vegas that FreeScan now includes support for IPv6.
Jul 26, 2012

Qualys Adds IPv6 Support to FreeScan Service
Using FreeScan, organizations can now scan IPv6 devices to detect possible vulnerabilities and take the steps necessary to remediate them.
Jul 26, 2012

New Tool Gives 150 Ways to Bypass Web App Firewalls
Released at Black Hat, tool can test if web application firewalls are vulnerable to protocol-level evasion techniques
Jul 25, 2012

Qualys Open-Source Mobile Security Tool Debuts at Black Hat
A new open-source framework from Qualys called ASEF is set to debut at the Black Hat Security conference this week. The tool lets anyone parse Android apps and figure out if there are risks.
Jul 24, 2012

Qualys Announces General Availability Of Its Dynamic Asset Tagging and Management Technology
Technology enables customers to identify, categorize, and manage large numbers of assets in highly dynamic IT environments
Jul 24, 2012

Black Hat Makes Light of Accidental Password-Reset Email
A Black Hat volunteer mistakenly sent to 7,500 conference goers a password-reset email that was initially thought to be a phishing attempt.
Jul 24, 2012

Black Hat 2012: Hackers to Explore Malware Analysis, Next-Gen Attacks
Researchers will share insights into next-generation malware and hacker techniques at the 2012 Black Hat Briefings in Las Vegas next week.
Jul 20, 2012

Mobile and Web Security Will Be Major Topics at Black Hat
Jul 20, 2012

Ten Must-See Black Hat 2012 Sessions
A selection of talks, recommended for all audiences and guaranteed to be hits.
Jul 18, 2012

Firefox 14 Gets Kudos for Security
'They're doing great work in the security area,' says security firm CTO of open source browser group Mozilla
Jul 18, 2012

'Waldo' Finds Ways To Abuse HTML5 WebSockets
Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic
Jul 17, 2012

Will Advanced Attackers Laugh At Your WAF?
Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses
Jul 17, 2012

How to Make Your Website Hacker-Proof
Simple steps to avoid trouble
Jul 12, 2012

Your Birthday Is a Terrible Password
A Qualys researcher used pattern-matching analysis to find date-based passwords in the LinkedIn hash dump
Jul 12, 2012

July’s Patch Tuesday Brings 9 Bulletins, Addressing Some 16 Vulnerabilities Including a Critical Fix IE9
Jul 10, 2012

Patch Tuesday: Microsoft Pushes Nine Fixes For 16 Flaws
Microsoft on Tuesday issued nine security bulletins to address three "critical" and six "important" security issues.
Jul 10, 2012

Microsoft’s July Security Update Arrives With Unexpected IE Fix
Microsoft released its monthly security rollout today, which includes three fixes rated "critical" and six designated "important."
Jul 10, 2012

Microsoft Fixes XML Flaw as Attackers Circle in Patch Tuesday Update
Microsoft plugged a number of security holes today impacting Windows, Internet Explorer and other products as part of its monthly security update.
Jul 10, 2012

Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities
Jul 10, 2012

July Patch Tuesday: XML 5 Still Vulnerable
Microsoft fixes some -- but not all -- XML flaws in the July Patch Tuesday security update. Meanwhile, Internet Explorer is set to get more frequent patches.
Jul 10, 2012

Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities
Microsoft has released nine bulletins addressing 16 vulnerabilities
Jul 10, 2012

Patch Tuesday Preview, July 2012
Jul 9, 2012

Malware Monday: Last-Minute Checks to Avoid Internet Shutdown
Malware Monday is July 9
Jul 8, 2012

How To Test Your Computer For DNS Changer Malware
The malware could cause as many as 64,000 Americans' computers to lose Internet service on Monday.
Jul 7, 2012

Microsoft's XML 0-day fix expected in July Patch Tuesday
Hack attack smack
Jul 6, 2012

There Is No Excuse for Still Being Infected with DNSChanger
The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday
Jul 6, 2012

Patch Tuesday: Time to Use the Flame-Retardant Windows Update Client
Updated Windows Update software fixes vulnerabilities exploited by Flame malware
Jul 5, 2012

Microsoft Prepping 9 Fixes for July's Patch
Microsoft is readying three "critical" bulletins and six "important" items for this month's security update
Jul 5, 2012

Researchers Use Cloud To Clear Up Malware Evasion
An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware
Jul 3, 2012

Former White House Cyber Czar Rejoins Private Sector
Former White House Cyber Coordinator Howard Schmidt, who retired in May, has landed back in the private sector.
Jul 2, 2012

If Security Were The Only Factor, a Windows 8 Upgrade Would Be A No-Brainer
Windows 8 benefits from a decade of Microsoft security focus
Jun 30, 2012

4 Signs That Apple's Sharpening Its Security Game
Apple is quietly making some subtle, incremental security moves in the face of new threats to its products
Jun 28, 2012

Former Cybersecurity Czar Howard Schmidt Joins Qualys Board of Directors
Qualys announced this week that former cybersecurity czar Howard Schmidt will join the company’s Board of Directors
Jun 27, 2012

Changes to PCI rules: What you need to know
Jun 27, 2012

Howard A. Schmidt, Former White House Cybersecurity Coordinator, Joins Qualys Board of Directors
Distinguished global authority on Internet security and critical infrastructure to bring public sector expertise and help expand industry collaboration
Jun 26, 2012

Qualys helps businesses comply with Cookie Directive
QualysGuard WAS identifies cookies that have been issued without the user’s consent
Jun 25, 2012

Qualys Helps Organizations Comply With EU Cookie Directive
QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive
Jun 25, 2012

The 50 Most Powerful People In Enterprise Tech
The 50 biggest movers and shakers in enterprise tech
Jun 22, 2012

Microsoft Windows Update SSL Certificate Gets Failing Grade
Nonetheless, there's no hard evidence Win Update is unsafe, crypto expert says.
Jun 18, 2012

VMware Patches Virtualization Flaws
Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment.
Jun 18, 2012

Vulnerabilities in Open Source WAF ModSecurity
Guest post from Qualys' Ivan Ristic on ModSecurity update
Jun 18, 2012

Qualys Brings Security, Compliance Platform to Private Clouds
Qualys recently introduced a private cloud version of its QualysGuard Cloud Platform
Jun 15, 2012

Qualys Unveils Private Cloud Version of Security Package
Qualys introduced this week a private cloud version of its QualysGuard Cloud Platform
Jun 14, 2012

Oracle and Apple Update Java – and So Should You
Of particular note with the Oracle June Java update is the fact that Apple is also updating Java at the same time.
Jun 14, 2012

Microsoft Readies Post-Flame Windows Update Changes
Paused limited test update for Patch Tuesday, will feed more secure update client 'in a few days' to stymie Flame-like attacks
Jun 13, 2012

Your June 2012 Patch Tuesday Update
Microsoft released seven security bulletins addressing approximately 27 vulnerabilities scattered across Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the .NET Framework
Jun 12, 2012

June’s Patch Tuesday Brings in 7 Bulletins, Addresses 27 Vulnerabilities
June’s Patch Tuesday has some seven bulletins, of which three are rated critical, that address some 27 vulnerabilities.
Jun 12, 2012

Internet Explorer RCP Fix Highlights June’s Security Update
Microsoft released its June patch today, which includes three "critical" security items and four "important" bulletins
Jun 12, 2012

Stolen LinkedIn Passwords Can Sell for as Low as $1
Jun 12, 2012

Qualys Introduces Private Cloud Version of QualysGuard Platform
Customers can host and operate the security and compliance platform within their data centers
Jun 12, 2012

Qualys Launches Private Cloud Version of Security and Compliance Platform
Security provider Qualys has launched its QualysGuard Private Cloud Platform
Jun 11, 2012

Qualys Releases Virtualized Private Cloud
Allows customers to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services
Jun 11, 2012

Qualys Launches Private Cloud Version of QualysGuard Platform
Qualys today introduced a private cloud version of its QualysGuard Cloud Platform
Jun 11, 2012

Lessons Learned From Cracking 2 Million LinkedIn Passwords
Jun 8, 2012

Dissecting LinkedIn's Response to the Password Breach
Jun 8, 2012

PCI Requires Merchants to Pass Internal Vulnerability Assessments
The PCI Standards Security Council will require merchants to show proof of passing an internal vulnerability assessment beginning June 30, noted Alex Quilter, director of PCI at Qualys.
Jun 8, 2012

Microsoft to Repair Internet Explorer Fault Discovered at Hacking Contest
Patch Tuesday will deal with exploit demoed at Pwn2Own competition
Jun 8, 2012

Microsoft’s June Security Patch To Deliver 3 Critical Windows Fixes
Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.
Jun 7, 2012
|
Microsoft's Reaction to Flame Shows Seriousness of 'Holy Grail' HackCompany's fast, sweeping response proves how critical it considers Windows Update Read more Jun 7, 2012 |
|
5 Ways You’re Wasting Compliance DollarsFighting redundancy and ineffectual practices leaves more money for meaningful security Read more Jun 4, 2012 |
|
Passing the Internal Scan for PCI DSS 2.0Insight on the updated PCI DSS requirement, highlighting the need for internal vulnerability scanning Read more Jun 4, 2012 |
|
Tips to Speed up Your Security PatchingSoftware patching is a relatively simple task, and is an increasingly critical key to defend against security breaches by hackers armed with vulnerability scanners. Read more May 28, 2012 |
|
Project Finds, Purges Vulnerable Code Snippets From The NetCommunity effort hopes to clean up insecure code found in the public domain Read more May 23, 2012 |
|
Top 10 Patching Hurdles and How to Overcome ThemCommon hurdles for patching and tips that organizations can use to move toward a better patching posture. Read more May 23, 2012 |
|
Apple Releases QuickTime 7.7.2 for Windows, Fixes 17 FlawsApple QuickTime version 7.7.2 is out, fixing 17 security vulnerabilities in the multimedia framework. Read more May 17, 2012 |
|
Apple Security Update Fixes QuickTime VulnerabilitiesGuest post from Rodrigo Branco, Director of Vulnerability and Malware Research at Qualys, about Apple's latest advisory. Read more May 16, 2012 |
|
Apple Issues QuickTime Patch for Windows, OSX Users SafeApple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet. Read more May 16, 2012 |
|
Google Unleashes Chrome 19, Flattens 20 BugsHot fuzz spawns QuickTime patch Read more May 16, 2012 |
|
Qualys Adds Security Experts to CTO/CSO Advisory BoardMay 14, 2012 |
|
Apple's OS X, Safari Updates Improve OS X SecurityApple is legendary for its iron-fist control over what can or cannot run on its operating system. However, there are signs the company is beginning to relinquish some of the responsibility back to the vendors. Read more May 12, 2012 |
|
Why Do Software Holes Take So Long to Fix?Experts weigh in about how long it takes for vendors to patch vulnerabilities. Read more May 10, 2012 |
|
New .secure Internet Domain On Tap'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites Read more May 10, 2012 |
|
Apple OS X Update Puts Elderly Flash Out Of Its MiserySecurity fixes include new Safari that executes old plugins Read more May 10, 2012 |
|
Apple Auto-Disables Outdated Versions of Flash Player In Latest Software UpdateFollowing a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser. Read more May 10, 2012 |
|
10 Years of Trustworthy Computing: The Current State of Windows SecurityA decade after launching its Trustworthy Computing initiative, Microsoft has come a long way but faces new challenges. Read more May 10, 2012 |
|
Your May 2012 Patch Update from MicrosoftMicrosoft has just released seven bulletins -- three critical and four important -- addressing 23 vulnerabilities, as part of its monthly Patch Tuesday rollout. Read more May 8, 2012 |
|
Microsoft Releases Seven Security UpdatesThis month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities. Read more May 8, 2012 |
|
Microsoft Fixes Critical Flaws with Patch Tuesday UpdatesMicrosoft released a total of seven new security bulletins for May’s Patch Tuesday. Read more May 8, 2012 |
|
Adobe and Apple Patch VulnerabilitiesAdobe released a patch to cover a critical update in Flash at the end of last week. Read more May 8, 2012 |
|
‘May Day, May Day’: Microsoft Scrambles to Plug Critical HolesMicrosoft plans to ship in May seven security bulletins, including three critical bulletins to plug remote code execution holes in Microsoft Windows, Office, .NET Framework, and Silverlight. Read more May 7, 2012 |
|
Adobe Patches Flash Player Bug as Hackers Attack IE for WindowsAdobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack. Read more May 4, 2012 |
|
May's Patch Tuesday to Address Vulnerabilities in Windows, OfficeThe upcoming Patch Tuesday, scheduled to take place May 8, will include seven security bulletins addressing a total of 23 vulnerabilities. Read more May 4, 2012 |
|
A Patch Is Not Always a PatchSometimes a patch is not actually a patch; it is a configuration workaround. Read more May 4, 2012 |
|
Most Secure Websites Aren'tDid you know that most ‘secure’ websites actually aren’t all that secure? Read more May 4, 2012 |
|
Microsoft Announces 7 Bulletins for May 2012 Patch Tuesday, Closes Book on MAPP Data LeakIn addition to its advance notification for Patch Tuesday, Microsoft uncovers the party responsible for leaking security information and exposing customers to attacks against RDP Read more May 3, 2012 |
|
May 2012 Patch Tuesday Includes 7 Bulletins, 2 CriticalSecurity Bulletin Advance Notification released on Thursday provides Patch Tuesday preview. Read more May 3, 2012 |
|
Oracle Addresses 0-day "TNS Poison"Guest post from Wolfgang Kandek on Oracle's workaround for Oracle Database vulnerability CVE-2012-1675 Read more May 2, 2012 |
|
Global Dashboard for Monitoring the Quality of SSL SupportGuest post from Ivan Ristic about SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. Read more May 1, 2012 |
|
Trustworthy Internet Movement Builds SSL 'Avengers'Industry's top names in SSL development agree to join task force Read more Apr 30, 2012 |
|
8 Reasons Conficker Malware Won’t DiePoor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult. Read more Apr 30, 2012 |
|
Sick SSL Ecosystem: 90% of HTTPS Sites Insecure, 75% Vulnerable to BEAST AttackTrustworthy Internet Movement's SSL Pulse shows 90% of the world's 200,000 most popular websites with HTTPS-enabled are actually insecure and 75% are vulnerable to the BEAST attack. Read more Apr 29, 2012 |
|
Microsoft: Conficker Worm Still a Major ThreatWeak security passwords and overlooked security updates have kept Conficker, a malware 'worm' first reported in 2008, alive and well. Read more Apr 27, 2012 |
|
Microsoft Conficker Work Remains ‘Ongoing’ ThreatThree-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says Read more Apr 25, 2012 |
|
Microsoft: Conficker Worm Continues to Plague EnterprisesThe notorious Conficker worm, which began infecting Windows systems in 2008 but has not had a new variant in more than two years, continues to dog enterprises more than three years later, according to security experts at Microsoft. Read more Apr 25, 2012 |
|
Oracle Patches 88 Issues in Mammoth Security UpdateOracle released 88 security fixes addressing vulnerabilities in over 35 products in its portfolio as part of its Critical Patch Update. Read more Apr 17, 2012 |
|
Oracle Patches 88 VulnerabilitiesOracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update. Read more Apr 16, 2012 |
|
SSL/TLS Deployment Best PracticesSSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works… except that it does not, really. Read more Apr 16, 2012 |
|
Two Mac Trojans: Apple Patching Fast Enough?Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback. Read more Apr 16, 2012 |
|
Oracle to Issue Quarterly Patches Next WeekAs part of its scheduled quarterly security update, Oracle announced that on Tuesday it will release 88 new vulnerability fixes across hundreds of its offerings, covering more than 30 product lines. Read more Apr 13, 2012 |
|
Apple Issues Software Update to Fix Flashback Vulnerabilities and Disable JavaApple released a software update last night for Java in order to remove the most common variants of the Flashback malware. Read more Apr 13, 2012 |
|
Flashback Malware Removal Cleverly Reduces Risks for MacsBetter late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Read more Apr 13, 2012 |
|
Microsoft begins final two years of support for XPMicrosoft has confirmed that it will end support for Windows XP and Office 2003 in two years. Read more Apr 11, 2012 |
|
End of Windows XP Support Era Signals Beginning of Security NightmareConsumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP. Read more Apr 11, 2012 |
|
Adobe, Microsoft Issue Critical UpdatesAdobe and Microsoft today each issued critical updates to plug security holes in their products. Read more Apr 10, 2012 |
|
Microsoft April 2012 Patch Tuesday Repairs Critical IE Flaws, ActiveX Control IssueMicrosoft issued a major browser security update, repairing critical Internet Explorer flaws as part of its April 2012 Patch Tuesday. Read more Apr 10, 2012 |
|
Microsoft Released Six Comprehensive Security UpdatesThis month Microsoft issued six bulletins, four critical, two important, addressing 11 distinct vulnerabilities. Read more Apr 10, 2012 |
|
Microsoft's Patch Tuesday Brings Seven Critical FixesBulletins warn of SQL Server, Visual Basic, IE threats as well Read more Apr 10, 2012 |
|
Microsoft Patches Critical Windows Zero-Day Bug That Hackers Are Now ExploitingFixes first security flaw in Windows 8 Consumer Preview Read more Apr 10, 2012 |
|
Tuesday Top Tips – Qualys SSL LabsIf you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs. Read more Apr 10, 2012 |
|
Death, Taxes, and Microsoft's Patch TuesdayIT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers. Read more Apr 9, 2012 |
|
Microsoft's Patch Tuesday Will Address Exploits in Office 2010, IE9 4 of 6 bulletins rated critical Read more Apr 5, 2012 |
|
Patch Tuesday Preview: 6 Security Bulletins, 11 Vulnerabilities, 4 CriticalPreview of April 2012 Security Bulletin Read more Apr 5, 2012 |
|
Microsoft Slates Critical Windows, Office, IE Patches Next Week, Including 'Head-Scratcher'Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates Read more Apr 5, 2012 |
|
Apple Patches Malware-Targeted Java BugApple released a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web. Read more Apr 4, 2012 |
|
Apple Plugs Java Hole After Flashback Trojan Intrusion6 weeks after Microsoft machines are patched... Read more Apr 4, 2012 |
|
Apple Patches OS X Java Security FlawsApple recently released a Mac OS X update that patches 12 Java security flaws, including a vulnerability that was being actively exploited by the latest version of the Flashback Trojan. Read more Apr 4, 2012 |
|
Apple Updates Java After Malware SpreadsOne day after security researchers spotted active exploits taking advantage of gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix. Read more Apr 3, 2012 |
|
1.5 Million Infected with Drive-by Malware in FebruaryApr 3, 2012 |
|
BlackHole exploit targets Java bug through browser-based attacksA recently discovered Java exploit will have many updating, or even removing, the program. Read more Mar 30, 2012 |
|
Adobe Fixes Critical Security Flaws In Flash PlayerAdobe Systems (NSDQ:ADBE) has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature. Read more Mar 29, 2012 |
|
Adobe Auto-Update Eases Flash Update Chore - on Windows OnlyBackdoors plugged without lifting a finger Read more Mar 29, 2012 |
|
Digging into Verizon DBIR: Hacking, Malware, Cyber-ThreatsWhile we all seized on the fact that hacktivists were responsible for more than half of the data records stolen in 2011, Verizon's Data Breach Investigations Report had a few more gems. Read more Mar 23, 2012 |
|
Hardening the Endpoint Operating SystemQualys CTO Wolfgang Kandek, talks about the effects of hardening the endpoint operating system and improving the resilience against common attacks. Read more Mar 22, 2012 |
|
Microsoft Flaw Demonstrates Dangers Of Remote Desktop AccessFear is that attackers will soon come up with exploits for targeted attacks, worms Read more Mar 14, 2012 |
|
Malicious Proxies May Become Standard FareDNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well Read more Mar 13, 2012 |
|
Your March 2012 Patch Update from MicrosoftMicrosoft's March 2012 security update just landed. Read more Mar 13, 2012 |
|
Microsoft Issues Urgent Patch for 'Wormable' RDP VulnerabilityMicrosoft released six new security bulletins today for the March 2012 Patch Tuesday. Read more Mar 13, 2012 |
|
Critical Windows Bug Could Make Worm Meat of Millions of High-Value MachinesMicrosoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required. Read more Mar 13, 2012 |
|
Microsoft Incites Madness with March's Patch Tuesday ReleaseDetails emerge on Microsoft's most critical patch of the year Read more Mar 13, 2012 |
|
Microsoft: Remote Desktop Protocol Vulnerability Should be Patched ImmediatelyMicrosoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible. Read more Mar 13, 2012 |
|
Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop ProtocolThis month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched. Read more Mar 13, 2012 |
|
Dangerous Microsoft RDP Vulnerabilities Repaired in Patch TuesdayMicrosoft issued six security bulletins, including one critical update that addresses two serious Windows Remote Desktop Protocol (RDP) vulnerabilities that could be exploited by an attacker to take complete control of a system or prevent it from working properly. Read more Mar 13, 2012 |
|
RDP Flaws Lead Microsoft’s March Patch BatchMicrosoft today released updates to sew up at least seven vulnerabilities in Windows and other software. Read more Mar 13, 2012 |
|
Microsoft to Patch Windows Bug Called 'Holy Grail' by One ResearcherAnnounces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software Read more Mar 9, 2012 |
|
The Week in Security: Microsoft, Google and AdobeAlthough the number of patches in Microsoft's Patch Tuesday this month is relatively low, the pain point may come in the rebooting. Read more Mar 9, 2012 |
|
Microsoft Plans Light Patch Tuesday for MarchMicrosoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week. Read more Mar 8, 2012 |
|
March’s Patch Tuesday to Contain 6 Bulletins, Only One of Which is ‘Critical’It’s that time of the month again, friends, when we gather round the table to stare at the batch of fixes that Microsoft has compiled to respond to newly uncovered security issues in its products. Read more Mar 8, 2012 |
|
DNSChanger-infected Machines Won't Be Disconnected, for NowIt's good news for the owners of the computers still infected by the DNSChanger malware Read more Mar 7, 2012 |
|
Major Phishing Contributors and EnablersAgari announced the first Annual Sumo Awards to dishonor phishing's biggest contributors and enablers. Read more Mar 6, 2012 |
|
Virtual Scanners for Consultants, Enterprises and the CloudQualys announced virtual scanner appliances for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. Read more Mar 1, 2012 |
|
IT Security & Network Security News & Reviews: RSA 2012: eWEEK Labs Picks the 21 Hottest Security VendorsThe RSA Conference 2012 (Feb. 27-March 2) will set the security agenda for the year. More than 300 companies are at the expo, but I've picked the 21 stops I'm making while in San Francisco. Read more Feb 29, 2012 |
|
In Pictures: RSA Conference 2012 (Day 2)Highlights from RSA Day 2 Read more Feb 29, 2012 |
|
Surveying Policies, Controls and ComplianceQualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls. Read more Feb 29, 2012 |
|
RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall ServiceThe increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps off their new QualysGuard Web Application Firewall (WAF) service. Read more Feb 28, 2012 |
|
Automated managing of enterprise assetsQualys announced the availability of hierarchical Dynamic Asset Tagging for its QualysGuard Cloud Platform and suite of applications for security and compliance. Read more Feb 28, 2012 |
|
BSidesSF: Amol Sarwate on SCADA Security ChallengesIn a presentation at the Security BSides San Francisco event, Amol Sarwate - Security Research Manager at Qualys - examined how SCADA security and advanced persistent threats have now taken center stage. Read more Feb 28, 2012 |
|
Expert Panel at RSA 2012: Who's Responsible for Cloud Security?Experts discuss cloud security questions at CSA Summit Read more Feb 27, 2012 |
|
0-day analysis service by QualysQualys launched Zero-Day Risk Analyzer, a new service to help companies protect their IT systems against zero-day attacks which is delivered as part of the QualysGuard Cloud Platform Read more Feb 27, 2012 |
|
#BSidesSF: Why SCADA security is such an uphill struggleWe've covered the troubles with SCADA security at length, but have yet to see a real consensus on how to proceed. Amol Sarwate, security research manager at Qualys, took a crack at making sense of things at BSidesSF Monday morning. Read more Feb 27, 2012 |
|
Eradicating Malware from Enterprise Web SitesQualys announced a new service to help enterprises detect and eradicate malware from their web sites. Read more Feb 27, 2012 |
|
IT Security & Network Security News & Reviews: RSA Conference 2012: Hot Security Products for Cloud, BYODThis year marks the 20th anniversary of the RSA conference, and companies are descending on San Francisco's Moscone Convention Center with product announcements and demonstrations highlighting the latest and greatest in their security portfolios. Read more Feb 27, 2012 |
|
Qualys Pushes Major Enhancements to its Flagship QualysGuard SuiteQualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception. Read more Feb 27, 2012 |
|
RSA Conference 2012 Opens in San FranciscoThe world’s top information security professionals and business leaders gathered for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center. Read more Feb 27, 2012 |
|
What's Hot at RSA This WeekSlideshow of hot products at RSA Conference 2012, including enterprise edition of the QualysGuard Malware Detection Service and QualysGuard Zero-Day Risk Analyzer Read more Feb 26, 2012 |
|
Do you need to worry about the advanced persistent threat?Qualys CTO discusses how to reduce susceptibility to attacks Read more Feb 26, 2012 |
|
Better Information Sharing is the Future of Security, Experts SayPotential seen for more proactive security following release of free threat intelligence feed Read more Feb 24, 2012 |
|
Web Encryption That WorksSSL technology isn't perfect, but it can be an effective security tool for your organization. Here are four tips for optimizing its performance Read more Feb 24, 2012 |
|
Five Schemes for Redeeming Trust in SSLCreativity loves constraint and for security thinkers trying to shore up Web authentication today, that constraint is SSL/TLS Read more Feb 21, 2012 |
|
Open Source Tool Detects Videoconferencing Equipment VulnerabilitiesNew open source tool can detect whether a given videoconferencing system is vulnerable to attack Read more Feb 17, 2012 |
|
The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec SaysStripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec. Read more Feb 17, 2012 |
|
Oracle’s Patches Address Java SE Security FlawsOracle released one CPU (critical patch update), which plugs 14 security holes within one of its products namely Java SE Read more Feb 16, 2012 |
|
Adobe Flash Flaw Under Attack, Update IssuedCross-site scripting vulnerability in Flash is being targeted by emails containing malicious links Read more Feb 16, 2012 |
|
The 8 Best Tips You'll Ever Get On How To Launch (And Grow) A StartupPhilippe Courtot is a well-known name in the security industry and for good reason. Read more Feb 16, 2012 |
|
Oracle Plugs 14 Holes in JavaOracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product. Read more Feb 16, 2012 |
|
Microsoft, Oracle, Adobe Send Patches for Valentine's DayDetails come forward on Valentine's Day/Patch Tuesday security bulletins from Microsoft, Adobe and Oracle Read more Feb 14, 2012 |
|
February Patch Tuesday Lighter Than ExpectedIt turns out that this February Patch Tuesday is lighter than we had anticipated. Read more Feb 14, 2012 |
|
February 2012 Patch Tuesday: Critical IE, Windows Kernel Flaws FixedMicrosoft repaired 23 vulnerabilities this month Read more Feb 14, 2012 |
|
Microsoft to Fix Internet Explorer HolePatch Tuesday to include nine fixes for 21 vulnerabilities. Read more Feb 13, 2012 |
|
Microsoft to Patch 21 Bugs TuesdayMicrosoft previews fixes in apps including Internet Explorer and Windows. Read more Feb 10, 2012 |
|
Valentine's Day Patch Tuesday: Microsoft to Issue 9 Patches, 4 CriticalProgress continues as Microsoft will issue fewest February patches since 2009 Read more Feb 9, 2012 |
|
Patch Tuesday Preview, February 2012Qualys CTO's assessment of this month's Patch Tuesday. Read more Feb 9, 2012 |
|
Microsoft to Issue More Critical Patches Next Week for Win7 Than XPIE update likely the one users will want to apply ASAP, say researchers Read more Feb 9, 2012 |
|
Microsoft's February Patch Tuesday Fixes 21 BugsMicrosoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release. Read more Feb 9, 2012 |
|
Critics Slam SSL Authority for Minting Certificate for Impersonating SitesCritics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own. Read more Feb 9, 2012 |
|
Microsoft Issues Patch Plans, Includes Internet Explorer FixMicrosoft on Thursday posted its plans for next week's Patch Tuesday. Read more Feb 9, 2012 |
|
Microsoft Ruining Valentine's Day with Nine Security BulletinsNext Tuesday is a big deal. Read more Feb 9, 2012 |
|
Marlinspike Asks Browser Vendors to Back SSL-Validator'Convergence' open source dev needs vendors to balance the load Read more Feb 8, 2012 |
|
Hackers May Be Able to 'Outwit' Online Banking Security DevicesInvestigators probe malware threat to 2-factor authentication Read more Feb 6, 2012 |
|
FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections RemainThousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8. Read more Feb 5, 2012 |
|
Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanetOracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions. Read more Feb 2, 2012 |
|
Half of Fortune 500 Firms Infected with DNS ChangerMachines will be cut off from the Web next month, say experts Read more Feb 2, 2012 |
|
Symantec Patches PCAnywhere, But Should You DeleteSymantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely. Read more Feb 1, 2012 |
|
Detecting the DNS Changer MalwareDNS servers handling traffic of infected machines will be shut down in March, cutting off Internet access to those infected. Read more Feb 1, 2012 |
|
CSO Interchange: Cloud Concerns Are Largely PropagandaLast week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike. Read more Jan 30, 2012 |
|
Qualys Expands Its FreeScan ServiceQualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections. Read more Jan 20, 2012 |
|
Is Oracle Neglecting Database Security?Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU. Read more Jan 20, 2012 |
|
Oracle Scorned for Paltry Database PatchesWith only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck. Read more Jan 19, 2012 |
|
Oracle CPU Contains Lowest Number Of Database Fixes EverDatabase security community concerned about Oracle's patch bottleneck Read more Jan 18, 2012 |
|
Oracle Patches 78 VulnerabilitiesOracle publishes Critical Patch Updates (CPUs) on a quarterly schedule. Read more Jan 18, 2012 |
|
Oracle Repairs Two Database Flaws, Issues 78 Patches to Product LineOracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio. Read more Jan 18, 2012 |
|
Oracle Squashes 78 Software Bugs in Latest PatchOracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products. Read more Jan 18, 2012 |
|
Oracle Readies 16 Highly Critical Security PatchesOracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products. Read more Jan 13, 2012 |
|
Reactions from the Security Community to the Trustworthy Computing InitiativeComments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans. Read more Jan 13, 2012 |
|
Slow Read Attack: A New HTTP Denial of Service AttackA new HTTP-based threat, dubbed a "Slow Read attack" aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability. Read more Jan 12, 2012 |
|
Microsoft and Adobe Release First Major Patch Bundles of 2012Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012. Read more Jan 11, 2012 |
|
Adobe Plugs 6 Critical Holes in ReaderAlso gives IT admins more control over PDF docs' oft-exploited JavaScript Read more Jan 11, 2012 |
|
Adobe Repairs Critical Reader, Acrobat Flaws, Adds JavaScript ControlAdobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software. Read more Jan 10, 2012 |
|
Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched. Read more Jan 10, 2012 |
|
Microsoft Releases Seven BulletinsQualys CTO Wolfgang Kandek on this month's Patch Tuesday Read more Jan 10, 2012 |
|
Microsoft's First 2012 Patch Tuesday Offers One Critical FixMicrosoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year. Read more Jan 10, 2012 |
|
Exploit Code for Recent ASP.NET DoS Flaw Made PublicThe ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it Read more Jan 10, 2012 |
|
Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol WeaknessMicrosoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks. Read more Jan 10, 2012 |
|
Microsoft Slays the BEAST, and Six Other Patch Tuesday UpdatesMicrosoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important” Read more Jan 10, 2012 |
|
New Denial of Service Vulnerability Detailed, Doesn't Require Many PCsWhat you may not know is that there are denial of service (DoS) methods that don't need to be so distributed. Read more Jan 7, 2012 |
|
New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of DetectionQualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection. Read more Jan 7, 2012 |
|
Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat XAdobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update. Read more Jan 6, 2012 |
|
Microsoft to Start 2012 with Seven Bulletins on Patch TuesdayMicrosoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012. Read more Jan 6, 2012 |
|
MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRCQualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management Read more Jan 6, 2012 |
|
Microsoft's 2012 Inaugural Security Patch to Include 7 FixesJanuary's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice. Read more Jan 5, 2012 |
|
Rated Critical: A Microsoft Security BlogHow can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012? Read more Jan 5, 2012 |
|
Microsoft Plans 7 Fixes for January Patch TuesdayMicrosoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw. Read more Jan 5, 2012 |
|
Microsoft to Start New Year With Seven Security BulletinsMicrosoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities. Read more Jan 5, 2012 |
|
Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP ServersNew HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses. Read more Jan 5, 2012 |
|
Cyberthreats Evolve, Start-ups RespondingTypes of security threats companies face have shifted dramatically in recent years. Read more Jan 4, 2012 |
|
The Year in Security: A Look Back at 2011 and Trends for 2012Reflecting on security events of 2011 to plan for 2012 Read more Jan 4, 2012 |
|
MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRCIntegration partnership enables corporations to continuously take full inventory of their IT assets Read more Jan 4, 2012 |
|
No Shelter From a Cybercrime StormDenial of service hole closed Read more Jan 3, 2012 |
|
Microsoft Publishes Workaround for ASP.NET VulnerabilityAdvisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms Read more Jan 3, 2012 |


































